Formjacking in a Nutshell
For decades, people have grown used to Web 2.0, where forms are displayed by online shopping sites, payment processors and banking websites. Malware authors are exploiting this familiarity: formjacking malware takes advantage of a user’s trust. The biggest mistake here is the decades-old assumption that whatever information is entered into a form is sent securely to a secure system that will process it to complete the desired result, such as a purchase.
Formjacking is a new tool that makes social engineering considerably easier for cybercriminals. Users voluntarily surrender their information in a form they believe is legitimate and secure. Once the information is stolen, the threat actors can use it for future identity theft, bank fraud and other criminal activity in which they impersonate the person whose information was stolen.
Symantec has observed the growth of formjacking attacks in the wild; it has analyzed the pattern of these operations, and at least 5 big names have already fallen victim. Security issues at Ticketmaster, Newegg, British Airways and Feedify were associated with just one formjacking group, named Magecart.
These companies rely on web forms to collect user information and complete customer-to-service-provider transactions. Because their users had learned over many years to trust the web forms they use, formjacking was an instant success for the threat actors.
The global picture, according to Symantec, is that users are always at risk of losing their personally identifiable information to unknown third parties through formjacking. Since August 13, 2018, alone, Symantec has detected and blocked 248,000 formjacking incidents. Formjacking attacks are expected to increase, as the technique is very effective at capturing user information with minimal effort.
According to Symantec, all companies and legal entities operating a website or processing payment transactions online are at risk of formjacking. Magecart's operations are still being investigated at the time of this writing; in fact, the circumstances surrounding the Newegg and British Airways formjacking incidents are not yet known.
The only way to protect a website from formjacking is for its webmasters to audit the site's code regularly and thoroughly. Formjacking changes the functionality of the text boxes of a web form, and careful, regular observation will provide enough hints that the original code has been changed, which indicates that the site has been tampered with by outsiders.
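One way to automate the audit described above, as an added example that is not from the original article or from Symantec: it inventories a checkout page's script sources, inline script hashes and form targets, then reports every difference from a reviewed baseline copy. The sample pages, paths, function names and the cdn.example.invalid host are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

# Constructed sample pages: a reviewed baseline and a later, modified copy.
BASELINE = ('<form action="/checkout/pay" method="post"><input name="card"></form>'
            '<script src="/static/checkout.js"></script>'
            '<script>initCheckout();</script>')
TAMPERED = (BASELINE.replace("initCheckout();", "initCheckout();hookFields();")
            + '<script src="https://cdn.example.invalid/a.js"></script>')

class PageInventory(HTMLParser):
    """Collects script sources, inline script hashes and form targets."""
    def __init__(self):
        super().__init__()
        self.items = set()
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.items.add(("script-src", a["src"]))
            else:
                self._inline = []
        elif tag == "form":
            self.items.add(("form-action", a.get("action") or ""))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            digest = hashlib.sha256(body.encode()).hexdigest()
            self.items.add(("inline-sha256", digest))
            self._inline = None

def inventory(html):
    parser = PageInventory()
    parser.feed(html)
    parser.close()
    return parser.items

def audit(baseline_html, live_html):
    """Return sorted (change, kind, value) tuples for every difference."""
    base, live = inventory(baseline_html), inventory(live_html)
    return sorted([("added", k, v) for k, v in live - base] +
                  [("removed", k, v) for k, v in base - live])

if __name__ == "__main__":
    for finding in audit(BASELINE, TAMPERED):
        print(finding)
```

Any finding on a page that collects payment or personal data is a prompt to review the change before trusting the form again; an empty result only means the page still matches the baseline that was reviewed.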